SMTP beyond initial configuration

Posted on 2012-08-30
Last Modified: 2012-08-31
I am currently setting up an SMTP server on out windows server 2008 in a DMZ workgroup and I want to add basic SMTP authentication to it. I can see in the IIS 6 manager where I can enable basic authentication but where do I setup the usernames and passwords for it? Any advice on how to set up security? How do I keep my SMTP server from being blocked by spam filters?
Question by:bdpcpa
    LVL 38

    Expert Comment

    I'm not clear on what you're trying to accomplish here.  Are you just trying to set up the SMTP server so that it can relay email from programs on this machine or others in your DMZ to another specific email server?  Or trying to set it up so that various users can send email to anywhere, and if so why?  Are you sending out for a specific domain?  I may be able to provide some more specific advice when I understand better.

    In general, to keep from being blocked by spam filters:
     - don't send out spam
     - have your DNS records in order.  For a sending server, this means having a PTR record for the IP you're sending from, and for the name in the PTR record have an A record that points back to the same IP.
     - check blacklists to make sure your IP isn't already on any blacklists for whatever reason

    Author Comment

    Currently the email provider we use has to many security restriction enabled for simple web forms and server/event logs to email up with updates. We deal a lot with HIPAA information so we have requested all the security. We have a few internal websites and servers that we would like to be able to send email to us that won’t contain any special information. We set up the SMTP server just for those devices. I have restricted access to it by ipaddress but I would like a little more security just to be safe. The Lead admin does not want to use a 3rd parties SMTP server like Google or what not so he wants me to set up an SMTP server.
    LVL 38

    Accepted Solution

    So you're just wanting to restrict what can relay through the SMTP server?  ...and you have a 3rd Party email provider?  Do already have the relay working?  Are you wanting to be able to send to any domain from this server?  What I'm trying to work out is exactly where the SMTP server will relay to, and from where, and when it needs use authentication.

    This page provides some good guidance on setting up restrictions:
    Use the Access tab to configure the inbound restrictions, and use the Delivery tab > Outbound Security if you want to set up authentication between the SMTP server and your email provider.  Typically I just restrict by IP.  I think this is more secure than requiring basic authentication (unless you use TLS).  I would rely more on your firewall to restrict what SMTP traffic gets to the SMTP server than I would on the restrictions set up in the SMTP server itself.

    If you've already got all the relays working the way you want, but  what you're looking to do is specify which users will be allowed as valid credentials, I'm pretty certain this is not possible with the basic SMTP server role of Windows Server.  Any user which can authenticate would work.

    Author Comment

    I will restrict by ip address and use the firewall to stop smtp request from outside of my network.

    Author Closing Comment

    Thanks for the help

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Highfive + Dolby Voice = No More Audio Complaints!

    Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

    If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
    Lync server 2013 Backup Service Error ID 4049 – After File Share Migration
    It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
    how to add IIS SMTP to handle application/Scanner relays into office 365.

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    10 Experts available now in Live!

    Get 1:1 Help Now